GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-21 06:07:17
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 ST1000LM024_HN-M101MBB rev.2BA30003 931,51GB
Running: ny88re3k.exe; Driver: C:\Users\Ewelina\AppData\Local\Temp\kxtyiuob.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!ShowScrollBar 00007ffa14121150 5 bytes JMP 00007ff994150018
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!SetScrollInfo 00007ffa14128430 5 bytes JMP 00007ff994140018
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!SetScrollRange 00007ffa14141100 5 bytes JMP 00007ff994190018
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!GetScrollInfo 00007ffa141454a0 5 bytes JMP 00007ff994160018
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!SetScrollPos 00007ffa14156260 5 bytes JMP 00007ff9941d0018
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!GetScrollPos 00007ffa14157120 1 byte JMP 00007ff994180018
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!GetScrollPos + 2 00007ffa14157122 3 bytes {JMP 0xffffffff80028ef8}
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!EnableScrollBar 00007ffa141586f0 5 bytes JMP 00007ff994170018
.text C:\Program Files\CCleaner\CCleaner64.exe[2976] C:\Windows\system32\USER32.dll!GetScrollRange 00007ffa141aec70 5 bytes JMP 00007ff9941c0018

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [2864:3064] fffff9600095a2d0

---- Services - GMER 2.2 ----

Service C:\Windows\system32\drivers\bsdriver.sys (*** hidden *** ) [SYSTEM] bsdriver <-- ROOTKIT !!!
---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -680628022
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@ImagePath \??\C:\Windows\system32\drivers\bsdriver.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@DisplayName bsdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@Group Base
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances@DefaultInstance bsdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances\bsdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances\bsdriver@Altitude 333111
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances\bsdriver@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4cbb58359e53
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4cbb58359e53@94ce2c1650ff 0x68 0x97 0x99 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4cbb58359e53@34e6adbf7add 0x73 0xE3 0xAB 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ??r?, ?kwi ?20 ?16, 08:35:48??????n???????n???????????????n????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 6701
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xAC 0x64 0x20 0x01 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Logo100 %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-5473843_100.dat

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----